Dan
Sat Aug 30 04:59:00 CDT 2008
Thank you for your feedback, Steve and sorry I did not mean to hurt Microsoft.
"Steve Riley [MSFT]" wrote:
> Dan, I have resisted writing a message like the one I'm writing now but I
> can wait no longer. I'm not exactly sure what it is that you expect to
> accomplish with statements like "web link may be manipulated by others" and
> "poster not responsible if someone hacks post" (other than possibly stoking
> the fears of other readers) nor do I understand your repeated requests for
> me to comment on various things (I am not any kind of Microsoft crystal
> ball).
>
> In the newsgroups I avoid religious arguments about software, engaging in
> flame wars, or questioning people's motives because none of those activities
> do anyone any good. But your exaggerated claims about the realm of possible
> attacks, your continued devotion to "internal safety" vs. "external
> security" (which are terms NO ONE ELSE in the security field uses), your
> frequent invocation of DHS (and your cc-ing the US-CERT in your private
> emails to me -- what's up with that?), and your strange occupation with
> "source code" is really getting quite tiresome.
>
> In this thread you wonder about some kind of "new source code" that might be
> under development. In your thread "Source Code," you lament that, according
> to Wikipedia, Windows 7 "will use the Windows NT source code" -- then later
> on claim that we've got some sort of secret skunkworks project. Do you
> really even understand what source code is? Nowhere in the Wikipedia article
> did I see any reference to Windows NT source code. Do you realize that
> virtually none of the original NT code still exists in the current versions
> of Windows? Much of the architecture (for example -- file storage,
> communications, process handling, and memory management) is still in place,
> of course, but nearly every single element has been rewritten and expanded
> to increase reliability and security, and to take advantage of modern
> hardware capabilities. In a reply to "Is DNSSEC supported by Windows?" you
> claim that DOS is required for "internal safety" -- is this a joke? Do you
> understand that DOS is an ancient thing written for a totally different
> time -- when there were no networks, no multitasking, no re-entrance
> (executing the same piece of code multiple simultaneous times), no
> multi-user support, and no concept of virtualizing any of these layers? DOS
> HAS ZERO security of any kind. To claim "society and the world are paying
> for the mistake" of not using DOS in the current version of Windows is
> really rather silly.
>
> Your assertion that "the majority of people here...have...bought the company
> line" is intended to indicate what? What "company" do you mean? Information
> security practices and philosophies have evolved over time to address
> changing business requirements in an age where everything is connected all
> the time using public networks. To claim that "the majority" are wrong and
> that the development practices (and products) of two decades ago will
> somehow save us from all evil shows a fundamental misunderstanding of the
> issues and solutions.
>
> Dan, I am not attacking your motives or impugning your character. But I am
> asking that you rethink your positions (and your allegiances) as you
> continue your journey in the field of computer security.
>
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:F78F1DC8-4ADD-4174-BAEE-7FD50FCF635A@microsoft.com...
> > Thanks for your reply MowGreen. I really do respect you and consider you
> > a great asset to this group. I loved when Apple users were so sure of
> > their operating system and computers that they claimed they were really
> > safe and when an Apple, Windows Vista and Ubuntu Linux computer competed
> > against each other the first one to be hacked was the Apple. BTW, have
> > you heard anything about Microsoft's new source code that you can
> > publicly share on this newsgroup?
> >
> > "MowGreen [MVP]" wrote:
> >
> >> Where are the Penguin fanbois exclaiming " Linux is the safest OS; it's
> >> impenetrable " ?
> >> C'mon guyz, do your part. You have a role to fill here.
> >>
> >> But, seriously, Dan. Anyone with common sense knows that any system that
> >> is exposed to the internet can be compromised. And, it is irrelevant
> >> which OS one runs.
> >> The key is, never drink 'OS koolaid'. Use the one that suits your
> >> purposes but don't tell everyone that it is ' the most secure ' or ' it
> >> can't be hacked '. That's total nonsense.
> >>
> >>
> >> MowGreen [MVP 2003-2008]
> >> ===============
> >> *-343-* FDNY
> >> Never Forgotten
> >> ===============
> >>
> >>
> >> Dan wrote:
> >>
> >> > http://www.us-cert.gov/current/index.html#red_hat_releases_openssh_security
> >> >
> >> > {Note: Web Link may be manipulated by others and smart web surfing is
> >> > encouraged like reading in plain text and blocking remote code --
> >> > Disclaimer: Poster is not responsible if someone hacks post and web
> >> > link is illegally changed}
> >> >
> >> > Here is the information from US-Cert.gov which is a part of DHS: all
> >> > below should be considered a quote ". . ."
> >> >
> >> > SSH Key-based Attacks
> >> > added August 26, 2008 at 03:41 pm | updated August 27, 2008 at 03:41 pm
> >> >
> >> > US-CERT is aware of active attacks against linux-based computing
> >> > infrastructures using compromised SSH keys. The attack appears to
> >> > initially use stolen SSH keys to gain access to a system, and then
> >> > uses local kernel exploits to gain root access. Once root access has
> >> > been obtained, a rootkit known as "phalanx2" is installed.
> >> >
> >> > Phalanx2 appears to be a derivative of an older rootkit named
> >> > "phalanx". Phalanx2 and the support scripts within the rootkit, are
> >> > configured to systematically steal SSH keys from the compromised
> >> > system. These SSH keys are sent to the attackers, who then use them to
> >> > try to compromise other sites and other systems of interest at the
> >> > attacked site.
> >> >
> >> > Detection of phalanx2 as used in this attack may be performed as
> >> > follows:
> >> >
> >> > "ls" does not show a directory "/etc/khubd.p2/", but it can be entered
> >> > with "cd /etc/khubd.p2".
> >> > "/dev/shm/" may contain files from the attack.
> >> > Any directory named "khubd.p2" is hidden from "ls", but may be entered
> >> > by using "cd".
> >> >
> >> > Changes in the configuration of the rootkit might change the attack
> >> > indicators listed above. Other detection methods may include searching
> >> > for hidden processes and checking the reference count in "/etc"
> >> > against the number of directories shown by "ls".
> >> >
> >> > US-CERT encourages administrators to perform the following actions to
> >> > help mitigate the risks:
> >> >
> >> > Proactively identify and examine systems where SSH keys are used as
> >> > part of automated processes. These keys will typically not have
> >> > passphrases or passwords.
> >> > Encourage users to use the keys with passphrase or passwords to reduce
> >> > the risk if a key is compromised.
> >> > Review access paths to internet facing systems and ensure that systems
> >> > are fully patched.
> >> >
> >> > If a compromise is confirmed, US-CERT recommends the following actions:
> >> >
> >> > Disable key-based SSH authentication on the affected systems, where
> >> > possible.
> >> > Perform an audit of all SSH keys on the affected systems.
> >> > Notify all key owners of the potential compromise of their keys.
> >> >
> >> > US-CERT will provide additional information as it becomes available.
> >> >
> >> > US-CERT credits DFN-CERT for their contributions regarding this issue.
> >> >
> >> > {Note: to Microsoft only users: The above is provided as a general
> >> > service announcement and although it affects Linux systems is provided
> >> > here publicly to raise user's awareness of how serious computer
> >> > attacks are getting --- thank you for any feedback and have a great
> >> > day}
> >> >
> >> > Also please use Microsoft's own password tool to generate stronger
> >> > passwords that are safe and secure. I hope Steve Riley, MSFT will
> >> > comment for all of us to benefit on the issue of new security and
> >> > safety measures and the new source code Microsoft is slowly but surely
> >> > developing. That new source code is what I am super excited about for
> >> > Microsoft's future.
> >>
>
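
The two directory checks named in the quoted US-CERT advisory (link count of a directory against the subdirectories it lists, and a name that can be entered but is not listed), as an added example that is not part of the thread or of the advisory. Function names are illustrative, and the link-count rule assumes a filesystem where a directory's link count is 2 plus its number of subdirectories.

```python
import os

# Indicator name taken from the advisory quoted above; the advisory notes
# that a reconfigured rootkit may use a different one.
KNOWN_HIDDEN_NAMES = ("khubd.p2",)

def unlisted_dir_count(nlink, visible_subdirs):
    """Subdirectories implied by the link count but absent from the listing.

    On ext2/3/4, XFS and tmpfs a directory's link count is 2 + its number
    of subdirectories. A link count below 2 (btrfs, overlayfs, very large
    ext4 directories) carries no such information, so return None.
    """
    if nlink < 2:
        return None
    return nlink - 2 - visible_subdirs

def check_link_count(path):
    """Compare a directory's link count with the subdirectories it lists."""
    with os.scandir(path) as entries:
        # Symlinks to directories do not add to the parent's link count.
        visible = sum(1 for e in entries if e.is_dir(follow_symlinks=False))
    return unlisted_dir_count(os.stat(path).st_nlink, visible)

def probe_unlisted(parent, names=KNOWN_HIDDEN_NAMES):
    """Return names that resolve as directories but are missing from the listing."""
    listed = set(os.listdir(parent))
    return [n for n in names
            if n not in listed and os.path.isdir(os.path.join(parent, n))]

if __name__ == "__main__":
    for d in ("/etc",):
        extra = check_link_count(d)
        if extra is None:
            print(f"{d}: link count not usable on this filesystem")
        elif extra > 0:
            print(f"{d}: {extra} subdirectory(ies) implied but not listed")
        else:
            print(f"{d}: no unlisted subdirectories implied")
        for name in probe_unlisted(d):
            print(f"{d}/{name}: reachable but not listed")
```

A positive count can also come from a directory created between the listing and the stat call, so re-run before treating it as an indicator.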